Merge branch 'master' into feature-fluffygate

roles/custom/matrix-alertmanager-receiver/defaults/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # matrix-alertmanager-receiver is a service which receives webhook payloads from Prometheus' Alertmanager and forwards them to a Matrix room.
@@ -6,7 +11,7 @@
 matrix_alertmanager_receiver_enabled: true
 
 # renovate: datasource=docker depName=docker.io/metio/matrix-alertmanager-receiver
-matrix_alertmanager_receiver_version: 2024.12.18
+matrix_alertmanager_receiver_version: 2025.3.26
 
 matrix_alertmanager_receiver_scheme: https
 
@@ -25,11 +30,12 @@ matrix_alertmanager_receiver_container_image_self_build_repo: https://github.com
 matrix_alertmanager_receiver_container_image_self_build_repo_version: "{{ 'main' if matrix_alertmanager_receiver_version == 'main' else matrix_alertmanager_receiver_version }}"
 matrix_alertmanager_receiver_container_src_path: "{{ matrix_alertmanager_receiver_base_path }}/container-src"
 
-matrix_alertmanager_receiver_container_image: "{{ matrix_alertmanager_receiver_container_image_name_prefix }}metio/matrix-alertmanager-receiver:{{ matrix_alertmanager_receiver_container_image_tag }}"
-matrix_alertmanager_receiver_container_image_name_prefix: "{{ 'localhost/' if matrix_alertmanager_receiver_container_image_self_build else matrix_alertmanager_receiver_container_image_registry_prefix }}"
+matrix_alertmanager_receiver_container_image: "{{ matrix_alertmanager_receiver_container_image_registry_prefix }}metio/matrix-alertmanager-receiver:{{ matrix_alertmanager_receiver_container_image_tag }}"
 matrix_alertmanager_receiver_container_image_tag: "{{ matrix_alertmanager_receiver_version }}"
 matrix_alertmanager_receiver_container_image_force_pull: "{{ matrix_alertmanager_receiver_container_image.endswith(':main') }}"
-matrix_alertmanager_receiver_container_image_registry_prefix: docker.io/
+matrix_alertmanager_receiver_container_image_registry_prefix: "{{ matrix_alertmanager_receiver_container_image_registry_prefix_upstream }}"
+matrix_alertmanager_receiver_container_image_registry_prefix_upstream: "{{ matrix_alertmanager_receiver_container_image_registry_prefix_upstream_default }}"
+matrix_alertmanager_receiver_container_image_registry_prefix_upstream_default: "docker.io/"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_alertmanager_receiver_container_network: ''
@@ -218,7 +224,7 @@ matrix_alertmanager_receiver_config_templating_resolved_template: |-
 #
 # For a more advanced customization, you can extend the default (see `matrix_alertmanager_receiver_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
-matrix_alertmanager_receiver_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
+matrix_alertmanager_receiver_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 
 matrix_alertmanager_receiver_configuration_extension_yaml: |
   # Your custom YAML configuration for matrix-alertmanager-receiver goes here.

roles/custom/matrix-alertmanager-receiver/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-alertmanager-receiver paths exist

roles/custom/matrix-alertmanager-receiver/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-alertmanager-receiver/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-alertmanager-receiver service

roles/custom/matrix-alertmanager-receiver/tasks/validate_config.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: Fail if required matrix-alertmanager-receiver settings not defined
   ansible.builtin.fail:
@@ -12,3 +16,11 @@
     - {'name': 'matrix_alertmanager_receiver_container_network', when: true}
     - {'name': 'matrix_alertmanager_receiver_metrics_proxying_hostname', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}
     - {'name': 'matrix_alertmanager_receiver_metrics_proxying_path_prefix', when: "{{ matrix_alertmanager_receiver_metrics_proxying_enabled }}"}
+
+- name: (Deprecation) Catch and report renamed matrix-alertmanager-receiver variables
+  ansible.builtin.fail:
+    msg: >-
+      The variable `{{ item.old }}` is deprecated. Please use `{{ item.new }}` instead.
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_alertmanager_receiver_container_image_name_prefix', 'new': 'matrix_alertmanager_receiver_container_image_registry_prefix'}

roles/custom/matrix-alertmanager-receiver/templates/config.yaml.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-alertmanager-receiver/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_alertmanager_receiver_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-alertmanager-receiver
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-alertmanager-receiver 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-alertmanager-receiver 2>/dev/null || true'
 
 Restart=always

roles/custom/matrix-alertmanager-receiver/templates/systemd/matrix-alertmanager-receiver.service.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-appservice-double-puppet/defaults/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 matrix_appservice_double_puppet_enabled: true

roles/custom/matrix-appservice-double-puppet/tasks/install.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-appservice-double-puppet paths exist

roles/custom/matrix-appservice-double-puppet/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-appservice-double-puppet/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure matrix-appservice-double-puppet paths don't exist

roles/custom/matrix-appservice-double-puppet/tasks/validate_config.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: Fail if required matrix-appservice-double-puppet settings not defined
   ansible.builtin.fail:

roles/custom/matrix-appservice-double-puppet/templates/registration.yaml.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # The ID doesn't really matter, put whatever you want.
 id: {{ matrix_appservice_double_puppet_registration_id | to_json }}
 # The URL is intentionally left empty (null), as the homeserver shouldn't

roles/custom/matrix-appservice-draupnir-for-all/defaults/main.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # A moderation tool for Matrix
 # Project source code URL: https://github.com/the-draupnir-project/Draupnir
@@ -5,13 +12,15 @@
 matrix_appservice_draupnir_for_all_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_appservice_draupnir_for_all_version: "v2.0.1"
+matrix_appservice_draupnir_for_all_version: "v2.2.0"
 
 matrix_appservice_draupnir_for_all_container_image_self_build: false
 matrix_appservice_draupnir_for_all_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
 
-matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
-matrix_appservice_draupnir_for_all_docker_image_name_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix: "{{ 'localhost/' if matrix_appservice_draupnir_for_all_container_image_self_build else matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default }}"
+matrix_appservice_draupnir_for_all_docker_image_registry_prefix_upstream_default: "docker.io/"
+matrix_appservice_draupnir_for_all_docker_image: "{{ matrix_appservice_draupnir_for_all_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_appservice_draupnir_for_all_version }}"
 matrix_appservice_draupnir_for_all_docker_image_force_pull: "{{ matrix_appservice_draupnir_for_all_docker_image.endswith(':latest') }}"
 
 matrix_appservice_draupnir_for_all_base_path: "{{ matrix_base_data_path }}/draupnir-for-all"
@@ -43,12 +52,12 @@ matrix_appservice_draupnir_for_all_systemd_wanted_services_list: []
 # Note: Draupnir is fairly verbose - expect a lot of messages from it.
 # This room is diffrent for Appservice Mode compared to normal mode.
 # In Appservice mode it provides functions like user management.
-matrix_appservice_draupnir_for_all_master_control_room_alias: ""
+matrix_appservice_draupnir_for_all_config_adminRoom: ""  # noqa var-naming
 
-# Placeholder Remenant of the fact that Cat belived Master Control Room to be separated from Access Control Policy List.
-# The alias of the Policy list used to control who can provision a bot for them selfs.
-# This should be a room alias - not a matrix.to URL.
-# matrix_appservice_draupnir_for_all_management_policy_list_alias: ""
+# Controls if the room state backing store is activated.
+# Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia.
+# This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
+matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled: false  # noqa var-naming
 
 matrix_appservice_draupnir_for_all_database_username: matrix_appservice_draupnir_for_all
 matrix_appservice_draupnir_for_all_database_password: 'some-passsword'

roles/custom/matrix-appservice-draupnir-for-all/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_install.yml

@@ -1,3 +1,11 @@
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:

roles/custom/matrix-appservice-draupnir-for-all/tasks/setup_uninstall.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-appservice-draupnir-for-all service

roles/custom/matrix-appservice-draupnir-for-all/tasks/validate_config.yml

@@ -1,9 +1,27 @@
+# SPDX-FileCopyrightText: 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required matrix-bot-draupnir variables are undefined
   ansible.builtin.fail:
     msg: "The `{{ item }}` variable must be defined and have a non-null value."
   with_items:
-    - "matrix_appservice_draupnir_for_all_master_control_room_alias"
+    - "matrix_appservice_draupnir_for_all_config_adminRoom"
     - "matrix_bot_draupnir_container_network"
   when: "vars[item] == '' or vars[item] is none"
+
+- name: (Deprecation) Catch and report renamed matrix-appservice-draupnir-for-all settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_appservice_draupnir_for_all_docker_image_name_prefix', 'new': 'matrix_appservice_draupnir_for_all_docker_image_registry_prefix'}
+    - {'old': 'matrix_appservice_draupnir_for_all_enable_room_state_backing_store', 'new': 'matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled'}
+    - {'old': 'matrix_appservice_draupnir_for_all_master_control_room_alias', 'new': 'matrix_appservice_draupnir_for_all_config_adminRoom'}

roles/custom/matrix-appservice-draupnir-for-all/templates/production-appservice.yaml.j2

@@ -1,3 +1,11 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 homeserver:
   # The Matrix server name, this will be the name of the server in your Matrix ID.
   domain: "{{ matrix_domain }}"
@@ -11,8 +19,14 @@ db:
 
 # A room you have created that scopes who can access the appservice.
 # See docs/access_control.md
-adminRoom: "{{ matrix_appservice_draupnir_for_all_master_control_room_alias }}"
+adminRoom: {{ matrix_appservice_draupnir_for_all_config_adminRoom | to_json }}
 
 # This is a web api that the widget connects to in order to interact with the appservice.
 webAPI:
   port: 9000
+
+# The directory the bot should store various bits of information in
+dataPath: "/data"
+
+roomStateBackingStore:
+  enabled: {{ matrix_appservice_draupnir_for_all_config_roomStateBackingStore_enabled | to_json }}

roles/custom/matrix-appservice-draupnir-for-all/templates/production-bots.yaml.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 - 2025 Catalan Lover <catalanlover@protonmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # The log level of terminal (or container) output,
 # can be one of DEBUG, INFO, WARN and ERROR, in increasing order of importance and severity.
 #
@@ -67,3 +74,20 @@ commands:
       - "brigading"
       - "harassment"
       - "disagreement"
+
+# Safe mode provides recovery options for some failure modes when Draupnir
+# fails to start. For example, if the bot fails to resolve a room alias in
+# a watched list, or if the server has parted from a protected room and can't
+# find a way back in. Safe mode will provide different options to recover from
+# these. Such as unprotecting the room or unwatching the policy list.
+# By default Draupnir will boot into safe mode only when the failure mode
+# is recoverable.
+# It may be desirable to prevent the bot from starting into safe mode if you have
+# a pager system when Draupnir is down, as Draupnir could prevent your monitoring
+# system from identifying a failure to start.
+#safeMode:
+#  # The option for entering safe mode when Draupnir fails to start up.
+#  # - "RecoveryOnly" will only start the bot in safe mode when there are recovery options available. This is the default.
+#  # - "Never" will never start the bot in safe mode when Draupnir fails to start normally.
+#  # - "Always" will always start the bot in safe mode when Draupnir fails to start normally.
+#  bootOption: RecoveryOnly

roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-appservice-draupnir-for-all
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-appservice-draupnir-for-all 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-appservice-draupnir-for-all 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-appservice-draupnir-for-all/templates/systemd/matrix-appservice-draupnir-for-all.service.j2.license

@@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2024 Catalan Lover <catalanlover@protonmail.com>
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/defaults/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # matrix-authentication-service (MAS) is an OAuth 2.0 and OpenID Provider server for Matrix.
@@ -17,9 +22,11 @@ matrix_authentication_service_container_repo_version: "{{ 'main' if matrix_authe
 matrix_authentication_service_container_src_files_path: "{{ matrix_base_data_path }}/matrix-authentication-service/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service
-matrix_authentication_service_version: 0.12.0
-matrix_authentication_service_container_image: "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service:{{ matrix_authentication_service_version }}"
-matrix_authentication_service_container_image_name_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
+matrix_authentication_service_version: 0.14.1
+matrix_authentication_service_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_container_image_registry_prefix_upstream }}"
+matrix_authentication_service_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_container_image_registry_prefix_upstream_default }}"
+matrix_authentication_service_container_image_registry_prefix_upstream_default: "ghcr.io/"
+matrix_authentication_service_container_image: "{{ matrix_authentication_service_container_image_registry_prefix }}element-hq/matrix-authentication-service:{{ matrix_authentication_service_version }}"
 matrix_authentication_service_container_image_force_pull: "{{ matrix_authentication_service_container_image.endswith(':latest') }}"
 
 matrix_authentication_service_base_path: "{{ matrix_base_data_path }}/matrix-authentication-service"
@@ -161,13 +168,13 @@ matrix_authentication_service_config_email_reply_to_address: "{{ matrix_authenti
 
 # Controls the `email.transport` configuration setting.
 #
-# Valid options are: blackhole, smtp, aws_ses
+# Valid values: blackhole, smtp, aws_ses
 # Upstream reports that `sendmail` is supported as well,
 # but this is not true when running it in a container image due to the `sendmail` binary not being included.
 matrix_authentication_service_config_email_transport: blackhole
 
 # Controls the `email.mode` configuration setting for SMTP.
-# Options are 'plain', 'tls', or 'starttls'.
+# Valid values: plain, tls, starttls
 matrix_authentication_service_config_email_mode: plain
 
 # Controls the `email.hostname` configuration setting for SMTP.
@@ -220,7 +227,7 @@ matrix_authentication_service_config_account_password_change_allowed: true
 
 # Controls the `account.password_recovery_enabled` configuration setting.
 #
-# Whether email-based password recovery is enabled
+# Whether email-based password recovery is enabled.
 # This has no effect if password login is disabled.
 matrix_authentication_service_config_account_password_recovery_enabled: false
 
@@ -340,7 +347,7 @@ matrix_authentication_service_config_http_trusted_proxies:
 matrix_authentication_service_config_matrix_homeserver: ""
 
 # Controls the `matrix.endpoint` configuration setting.
-# URL to which the homeserver is accessible from the service
+# URL to which the homeserver is accessible from the service.
 matrix_authentication_service_config_matrix_endpoint: ""
 
 # Controls the `matrix.secret` configuration setting.
@@ -361,20 +368,20 @@ matrix_authentication_service_config_matrix_secret: ""
 
 # Controls the `passwords.enabled` configuration setting.
 # Whether to enable the password database.
-# If disabled, users will only be able to log in using upstream OIDC providers
+# If disabled, users will only be able to log in using upstream OIDC providers.
 matrix_authentication_service_config_passwords_enabled: true
 
 # Controls the `passwords.schemes` configuration setting.
 # List of password hashing schemes being used.
-# Only change this if you know what you're doing
+# Only change this if you know what you're doing.
 matrix_authentication_service_config_passwords_schemes:
   - version: 1
     algorithm: argon2id
 
 # Controls the `passwords.minimum_complexity` configuration setting.
-# Minimum complexity required for passwords, estimated by the zxcvbn algorithm
-# Must be between 0 and 4, default is 3
-# See https://github.com/dropbox/zxcvbn#usage for more information
+# Minimum complexity required for passwords, estimated by the zxcvbn algorithm.
+# Must be between 0 and 4. Default is 3.
+# See https://github.com/dropbox/zxcvbn#usage for more information.
 matrix_authentication_service_config_passwords_minimum_complexity: 3
 
 ########################################################################################
@@ -502,7 +509,7 @@ matrix_authentication_service_container_labels_public_main_tls_certResolver: "{{
 # - https://element-hq.github.io/matrix-authentication-service/setup/reverse-proxy.html#compatibility-layer
 #
 # Regardless of whether this is enabled, it may or may not take effect due to the value of other variables.
-# See `matrix_authentication_service_container_labels_traefik_enabled`
+# See `matrix_authentication_service_container_labels_traefik_enabled`.
 matrix_authentication_service_container_labels_public_compatibility_layer_enabled: false
 matrix_authentication_service_container_labels_public_compatibility_layer_hostname: ""
 matrix_authentication_service_container_labels_public_compatibility_layer_path_regexp: "^/_matrix/client/(?P<version>([^/]+))/(?P<endpoint>(login|logout|refresh))"
@@ -555,9 +562,11 @@ matrix_authentication_service_syn2mas_start_wait_time_seconds: 5
 matrix_authentication_service_syn2mas_dry_run: false
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/matrix-authentication-service/syn2mas
-matrix_authentication_service_syn2mas_version: 0.12.0
-matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_container_image_name_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
-matrix_authentication_service_syn2mas_container_image_name_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else 'ghcr.io/' }}"
+matrix_authentication_service_syn2mas_version: 0.14.1
+matrix_authentication_service_syn2mas_container_image: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix }}element-hq/matrix-authentication-service/syn2mas:{{ matrix_authentication_service_syn2mas_version }}"
+matrix_authentication_service_syn2mas_container_image_registry_prefix: "{{ 'localhost/' if matrix_authentication_service_container_image_self_build else matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream }}"
+matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream: "{{ matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default }}"
+matrix_authentication_service_syn2mas_container_image_registry_prefix_upstream_default: ghcr.io/
 matrix_authentication_service_syn2mas_container_image_force_pull: "{{ matrix_authentication_service_syn2mas_container_image.endswith(':latest') }}"
 
 matrix_authentication_service_syn2mas_container_image_self_build: "{{ matrix_authentication_service_container_image_self_build }}"

roles/custom/matrix-authentication-service/tasks/install.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix Authentication Service paths exist

roles/custom/matrix-authentication-service/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-authentication-service/tasks/mas_cli_doctor.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix Authentication Service is started

roles/custom/matrix-authentication-service/tasks/register_user.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if playbook called incorrectly

roles/custom/matrix-authentication-service/tasks/syn2mas.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:
@@ -106,7 +111,7 @@
 # See: https://ansibledaily.com/print-to-standard-output-without-escaping/
 #
 # We want to run `debug: msg=".."`, but that dumps it as JSON and escapes double quotes within it,
-# which ruins the command (`matrix_authentication_service_syn2mas_migration_command`)
+# which ruins the command (`matrix_authentication_service_syn2mas_migration_command`).
 - name: Note about syn2mas migration
   ansible.builtin.set_fact:
     dummy: true

roles/custom/matrix-authentication-service/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-authentication-service service

roles/custom/matrix-authentication-service/tasks/util/prepare_key.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Prepare Matrix Authentication Service private key file path ({{ private_key_definition.key_file }})

roles/custom/matrix-authentication-service/tasks/validate_config.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required matrix-authentication-service settings not defined
@@ -29,3 +34,13 @@
   ansible.builtin.fail:
     msg: "matrix_authentication_service_config_email_transport must be one of: blackhole, smtp, or aws_ses"
   when: "matrix_authentication_service_config_email_transport not in ['blackhole', 'smtp', 'aws_ses']"
+
+- name: (Deprecation) Catch and report renamed matrix-authentication-service settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_authentication_service_container_image_name_prefix', 'new': 'matrix_authentication_service_container_image_registry_prefix'}
+    - {'old': 'matrix_authentication_service_syn2mas_container_image_name_prefix', 'new': 'matrix_authentication_service_syn2mas_container_image_registry_prefix'}

roles/custom/matrix-authentication-service/templates/bin/mas-cli.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/bin/register-user.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/config.yaml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/env.j2

@@ -1 +1,7 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {{ matrix_authentication_service_environment_variables_extension }}

roles/custom/matrix-authentication-service/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_authentication_service_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-authentication-service/templates/provider/anthropic-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/groq-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/mistral-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/provider/openai-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-authentication-service 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-authentication-service
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-authentication-service 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-authentication-service 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-authentication-service/templates/systemd/matrix-authentication-service.service.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-authentication-service/vars/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Like `matrix_authentication_service_config_http_public_base` but a private base URL only accessible from within the container network.

roles/custom/matrix-base/defaults/main.yml

@@ -1,3 +1,32 @@
+# SPDX-FileCopyrightText: 2019 - 2021 Aaron Raimist
+# SPDX-FileCopyrightText: 2019 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 Dan Arnfield
+# SPDX-FileCopyrightText: 2019 Edgars Voroboks
+# SPDX-FileCopyrightText: 2019 Lyubomir Popov
+# SPDX-FileCopyrightText: 2019 Stuart Mumford
+# SPDX-FileCopyrightText: 2020 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2020 Alin Trăistaru
+# SPDX-FileCopyrightText: 2020 Chris van Dijk
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2020 Tobias Küchel
+# SPDX-FileCopyrightText: 2021 Blaž Tomažič
+# SPDX-FileCopyrightText: 2021 Krisztian Szegi
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2021 boris runakov
+# SPDX-FileCopyrightText: 2022 - 2025 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Charles Wright
+# SPDX-FileCopyrightText: 2022 Julian Foad
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2023 Benjamin Kampmann
+# SPDX-FileCopyrightText: 2023 Jayesh Nirve
+# SPDX-FileCopyrightText: 2023 Johan Swetzén
+# SPDX-FileCopyrightText: 2023 Pierre 'McFly' Marty
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+# SPDX-FileCopyrightText: 2024 László Várady
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # The bare domain name which represents your Matrix identity.
@@ -80,6 +109,9 @@ matrix_server_fqn_cinny: "cinny.{{ matrix_domain }}"
 # This is where you access the SchildiChat Web from (if enabled via matrix_client_schildichat_enabled; disabled by default).
 matrix_server_fqn_schildichat: "schildichat.{{ matrix_domain }}"
 
+# This is where you access the FluffyChat Web from (if enabled via matrix_client_fluffychat_enabled; disabled by default).
+matrix_server_fqn_fluffychat: "fluffychat.{{ matrix_domain }}"
+
 # This is where you access the Buscarron bot from (if enabled via matrix_bot_buscarron_enabled; disabled by default).
 matrix_server_fqn_buscarron: "buscarron.{{ matrix_domain }}"
 
@@ -133,7 +165,12 @@ matrix_architecture: "{{ 'amd64' if ansible_architecture == 'x86_64' else ('arm6
 # We just remap from our `matrix_architecture` values to what Debian and possibly other distros call things.
 matrix_debian_arch: "{{ 'armhf' if matrix_architecture == 'arm32' else matrix_architecture }}"
 
-matrix_container_global_registry_prefix: "docker.io/"
+# If specified, the playbook will override the default registry prefix for all components.
+#
+# This is to be used when you've mirrored all the necessary container images (from their respective registries) by yourself.
+#
+# Example value: "registry.example.com/" (note the trailing `/`).
+matrix_container_global_registry_prefix_override: ""
 
 matrix_user_username: "matrix"
 matrix_user_groupname: "matrix"
@@ -217,7 +254,6 @@ matrix_metrics_exposure_http_basic_auth_users: ''
 # - `playbook-managed-traefik`
 #     - the playbook will run a managed Traefik instance (matrix-traefik)
 #     - Traefik will do SSL termination, unless you disable it (e.g. `traefik_config_entrypoint_web_secure_enabled: false`)
-#     - if SSL termination is enabled (as it is by default), you need to populate: `traefik_config_certificatesResolvers_acme_email`
 #
 # - `other-traefik-container`
 #     - this playbook will not install Traefik
@@ -271,7 +307,7 @@ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_name: "{{ matrix
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: "{{ matrix_federation_public_port }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port_udp: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort if matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled else '' }}"
-matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
+matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config: "{{ (matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_default | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_auto)) | combine(matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_custom, recursive=True) }}"
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_enabled: true
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_http3_advertisedPort: "{{ matrix_playbook_public_matrix_federation_api_traefik_entrypoint_port }}"  # noqa var-naming
 matrix_playbook_public_matrix_federation_api_traefik_entrypoint_config_transport_respondingTimeouts_readTimeout: "{{ traefik_config_entrypoint_web_secure_transport_respondingTimeouts_readTimeout }}"  # noqa var-naming

roles/custom/matrix-base/tasks/ensure_fuse_installed.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # This is for both RedHat 7 and 8

roles/custom/matrix-base/tasks/ensure_fuse_installed_archlinux.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (Archlinux)

roles/custom/matrix-base/tasks/ensure_fuse_installed_debian.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (Debian/Raspbian)

roles/custom/matrix-base/tasks/ensure_fuse_installed_redhat.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure fuse installed (RedHat)

roles/custom/matrix-base/tasks/ensure_openssl_installed.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure openssl installed

roles/custom/matrix-base/tasks/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2019 Dan Arnfield
+# SPDX-FileCopyrightText: 2020 MDAD project contributors
+# SPDX-FileCopyrightText: 2020 Marcel Partap
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Warren Bailey
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-base/tasks/setup_matrix_base.yml

@@ -1,3 +1,15 @@
+# SPDX-FileCopyrightText: 2017 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2018 - 2022 MDAD project contributors
+# SPDX-FileCopyrightText: 2019 Stuart Mumford
+# SPDX-FileCopyrightText: 2020 Béla Becker
+# SPDX-FileCopyrightText: 2020 Chris van Dijk
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+# SPDX-FileCopyrightText: 2024 László Várady
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix base paths exists

roles/custom/matrix-base/tasks/setup_matrix_user.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2020 - 2022 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure Matrix group is created

roles/custom/matrix-base/tasks/validate_config.yml

@@ -1,3 +1,13 @@
+# SPDX-FileCopyrightText: 2018 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2020 - 2021 Aaron Raimist
+# SPDX-FileCopyrightText: 2020 Christian Wolf
+# SPDX-FileCopyrightText: 2020 Horvath Gergely
+# SPDX-FileCopyrightText: 2022 Charles Wright
+# SPDX-FileCopyrightText: 2022 Warren Bailey
+# SPDX-FileCopyrightText: 2023 Jayesh Nirve
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if invalid homeserver implementation
@@ -9,7 +19,7 @@
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
@@ -21,6 +31,7 @@
     - {'old': 'matrix_client_element_e2ee_default', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_default'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_required', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_required'}
     - {'old': 'matrix_client_element_e2ee_secure_backup_setup_methods', 'new': 'matrix_static_files_file_matrix_client_property_io_element_e2ee_secure_backup_setup_methods'}
+    - {'old': 'matrix_container_global_registry_prefix', 'new': '<no global variable anymore; you need to override the `_registry_prefix` variable in each component separately>'}
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined

roles/custom/matrix-base/templates/bin/remove-all.j2.license

@@ -0,0 +1,6 @@
+SPDX-FileCopyrightText: 2018 - 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2019 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2019 Hugues De Keyzer
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/defaults/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2024 Nikita Chernyi
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # baibot is a bot exposing the power of Large Language Models to you.
@@ -11,9 +17,11 @@ matrix_bot_baibot_container_repo_version: "{{ 'main' if matrix_bot_baibot_versio
 matrix_bot_baibot_container_src_files_path: "{{ matrix_base_data_path }}/baibot/container-src"
 
 # renovate: datasource=docker depName=ghcr.io/etkecc/baibot
-matrix_bot_baibot_version: v1.4.1
-matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_name_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
-matrix_bot_baibot_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_baibot_version: v1.6.0
+matrix_bot_baibot_container_image: "{{ matrix_bot_baibot_container_image_registry_prefix }}etkecc/baibot:{{ matrix_bot_baibot_version }}"
+matrix_bot_baibot_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_baibot_container_image_self_build else matrix_bot_baibot_container_image_registry_prefix_upstream }}"
+matrix_bot_baibot_container_image_registry_prefix_upstream: "{{ matrix_bot_baibot_container_image_registry_prefix_upstream_default }}"
+matrix_bot_baibot_container_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_baibot_container_image_force_pull: "{{ matrix_bot_baibot_container_image.endswith(':latest') }}"
 
 matrix_bot_baibot_base_path: "{{ matrix_base_data_path }}/baibot"
@@ -87,6 +95,10 @@ matrix_bot_baibot_config_user_encryption_recovery_reset_allowed: false
 # If you leave this empty, the bot will use the default (!bai).
 matrix_bot_baibot_config_command_prefix: "!bai"
 
+# Controls the `room.post_join_self_introduction_enabled` configuration setting.
+# Influences whether the bot should send an introduction message after joining a room.
+matrix_bot_baibot_config_room_post_join_self_introduction_enabled: true
+
 # Controls the `access.admin_patterns` configuration setting.
 # A space-separated list of MXID patterns which specify who is an admin.
 #
@@ -167,7 +179,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_anthropic_id: anthropic
 matrix_bot_baibot_config_agents_static_definitions_anthropic_provider: anthropic
 
-matrix_bot_baibot_config_agents_static_definitions_anthropic_config: "{{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_anthropic_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_anthropic_config: "{{ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_anthropic_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_yaml: "{{ lookup('template', 'templates/provider/anthropic-config.yml.j2') }}"
 
@@ -193,7 +205,7 @@ matrix_bot_baibot_config_agents_static_definitions_anthropic_config_api_key: ""
 
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_enabled: true
 # For valid model choices, see: https://platform.anthropic.com/docs/models
-matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-5-sonnet-20240620
+matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_model_id: claude-3-7-sonnet-20250219
 # The prompt text to use (can be null or empty to not use a prompt).
 # See: https://huggingface.co/docs/transformers/en/tasks/prompting
 matrix_bot_baibot_config_agents_static_definitions_anthropic_config_text_generation_prompt: "{{ matrix_bot_baibot_config_agents_static_definitions_prompt }}"
@@ -220,7 +232,7 @@ matrix_bot_baibot_config_agents_static_definitions_groq_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_groq_id: groq
 matrix_bot_baibot_config_agents_static_definitions_groq_provider: groq
 
-matrix_bot_baibot_config_agents_static_definitions_groq_config: "{{ matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_groq_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_groq_config: "{{ matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_groq_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_groq_config_yaml: "{{ lookup('template', 'templates/provider/groq-config.yml.j2') }}"
 
@@ -276,7 +288,7 @@ matrix_bot_baibot_config_agents_static_definitions_mistral_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_mistral_id: mistral
 matrix_bot_baibot_config_agents_static_definitions_mistral_provider: mistral
 
-matrix_bot_baibot_config_agents_static_definitions_mistral_config: "{{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_mistral_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_mistral_config: "{{ matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_mistral_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_mistral_config_yaml: "{{ lookup('template', 'templates/provider/mistral-config.yml.j2') }}"
 
@@ -329,7 +341,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_enabled: false
 matrix_bot_baibot_config_agents_static_definitions_openai_id: openai
 matrix_bot_baibot_config_agents_static_definitions_openai_provider: openai
 
-matrix_bot_baibot_config_agents_static_definitions_openai_config: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_openai_config_extension, recursive=True)}}"
+matrix_bot_baibot_config_agents_static_definitions_openai_config: "{{ matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml | from_yaml | combine(matrix_bot_baibot_config_agents_static_definitions_openai_config_extension, recursive=True) }}"
 
 matrix_bot_baibot_config_agents_static_definitions_openai_config_yaml: "{{ lookup('template', 'templates/provider/openai-config.yml.j2') }}"
 
@@ -364,6 +376,7 @@ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation
 # See: https://blogs.novita.ai/what-are-large-language-model-settings-temperature-top-p-and-max-tokens/#what-is-llm-temperature
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature: 1.0
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens: 16384
+matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens: ~
 matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens: 128000
 
 matrix_bot_baibot_config_agents_static_definitions_openai_config_speech_to_text_enabled: true
@@ -461,7 +474,7 @@ matrix_bot_baibot_configuration: "{{ matrix_bot_baibot_configuration_yaml | from
 #
 # For a more advanced customization, you can extend the default (see `matrix_bot_baibot_configuration_extension_yaml`)
 # or completely replace this variable with your own template.
-matrix_bot_baibot_configuration_yaml: "{{ lookup('template', 'templates/config.yml.j2') }}"
+matrix_bot_baibot_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 
 matrix_bot_baibot_configuration_extension_yaml: |
   # Your custom YAML configuration for baibot goes here.

roles/custom/matrix-bot-baibot/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure baibot paths exist
@@ -70,6 +75,7 @@
     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
     name: "{{ matrix_bot_baibot_container_network }}"
     driver: bridge
+    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"
 
 - name: Ensure matrix-bot-baibot.service installed
   ansible.builtin.template:

roles/custom/matrix-bot-baibot/tasks/main.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-baibot/tasks/uninstall.yml

@@ -1,3 +1,7 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-baibot service

roles/custom/matrix-bot-baibot/tasks/validate_config.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required baibot settings not defined
@@ -26,3 +31,12 @@
     msg: >-
       You need to define a required configuration setting (`matrix_bot_baibot_config_access_admin_patterns`) to specify which users are bot administrators.
   when: "matrix_bot_baibot_config_access_admin_patterns | length == 0"
+
+- name: (Deprecation) Catch and report renamed baibot settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_baibot_container_image_name_prefix', 'new': 'matrix_bot_baibot_container_image_registry_prefix'}

roles/custom/matrix-bot-baibot/templates/config.yaml.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 - 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # Default configuration for baibot.
 # To extend it, use `matrix_bot_baibot_configuration_extension_yaml`.
 
@@ -35,6 +42,10 @@ user:
 # Command prefix. Leave empty to use the default (!bai).
 command_prefix: {{ matrix_bot_baibot_config_command_prefix | to_json }}
 
+room:
+  # Whether the bot should send an introduction message after joining a room.
+  post_join_self_introduction_enabled: {{ matrix_bot_baibot_config_room_post_join_self_introduction_enabled | to_json }}
+
 access:
   # Space-separated list of MXID patterns which specify who is an admin.
   admin_patterns: {{ matrix_bot_baibot_config_access_admin_patterns | to_json }}

roles/custom/matrix-bot-baibot/templates/env.j2

@@ -1 +1,7 @@
+{#
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {{ matrix_bot_baibot_environment_variables_extension }}

roles/custom/matrix-bot-baibot/templates/provider/anthropic-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/groq-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/mistral-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2

@@ -8,7 +8,12 @@ text_generation:
   model_id: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_model_id | to_json }}
   prompt: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_prompt | to_json }}
   temperature: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_temperature | to_json }}
+  {% if matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens %}
   max_response_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_response_tokens | int | to_json }}
+  {% endif %}
+  {% if matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens %}
+  max_completion_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_completion_tokens | int | to_json }}
+  {% endif %}
   max_context_tokens: {{ matrix_bot_baibot_config_agents_static_definitions_openai_config_text_generation_max_context_tokens | int | to_json }}
 {% endif %}
 

roles/custom/matrix-bot-baibot/templates/provider/openai-config.yml.j2.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-baibot 2>/dev/null || true'
 
 {#
@@ -43,7 +43,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-baibot
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-baibot 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-baibot 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-baibot/templates/systemd/matrix-bot-baibot.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2025 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-buscarron/defaults/main.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2022 - 2024 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Buscarron is a Web forms (HTTP POST) to Matrix service.
@@ -29,8 +36,10 @@ matrix_bot_buscarron_docker_repo: "https://github.com/etkecc/buscarron.git"
 matrix_bot_buscarron_docker_repo_version: "{{ matrix_bot_buscarron_version }}"
 matrix_bot_buscarron_docker_src_files_path: "{{ matrix_base_data_path }}/buscarron/docker-src"
 
-matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_name_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
-matrix_bot_buscarron_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else 'ghcr.io/' }}"
+matrix_bot_buscarron_docker_image: "{{ matrix_bot_buscarron_docker_image_registry_prefix }}etkecc/buscarron:{{ matrix_bot_buscarron_version }}"
+matrix_bot_buscarron_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_buscarron_container_image_self_build else matrix_bot_buscarron_docker_image_registry_prefix_upstream }}"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream: "{{ matrix_bot_buscarron_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_buscarron_docker_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_buscarron_docker_image_force_pull: "{{ matrix_bot_buscarron_docker_image.endswith(':latest') }}"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.

roles/custom/matrix-bot-buscarron/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-buscarron/tasks/setup_install.yml

@@ -1,3 +1,11 @@
+# SPDX-FileCopyrightText: 2022 - 2023 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - ansible.builtin.set_fact:
     matrix_bot_buscarron_requires_restart: false

roles/custom/matrix-bot-buscarron/tasks/setup_uninstall.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-buscarron service

roles/custom/matrix-bot-buscarron/tasks/validate_config.yml

@@ -1,15 +1,22 @@
+# SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 - name: (Deprecation) Catch and report renamed Buscarron settings
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_bot_buscarron_noencryption', 'new': '<removed>'}
     - {'old': 'matrix_bot_buscarron_spam_hosts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
     - {'old': 'matrix_bot_buscarron_spam_emails', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
     - {'old': 'matrix_bot_buscarron_spam_localparts', 'new': '<superseded by matrix_bot_buscarron_spamlist>'}
+    - {'old': 'matrix_bot_buscarron_container_image_name_prefix', 'new': 'matrix_bot_buscarron_container_image_registry_prefix'}
 
 - name: Fail if required Buscarron settings not defined
   ansible.builtin.fail:

roles/custom/matrix-bot-buscarron/templates/env.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2022 - 2024 Nikita Chernyi
+SPDX-FileCopyrightText: 2022 Slavi Pantaleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 BUSCARRON_LOGIN={{ matrix_bot_buscarron_login }}
 BUSCARRON_PASSWORD={{ matrix_bot_buscarron_password }}
 BUSCARRON_HOMESERVER={{ matrix_bot_buscarron_homeserver }}

roles/custom/matrix-bot-buscarron/templates/labels.j2

@@ -1,3 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2023 Nikita Chernyi
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_bot_buscarron_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -38,7 +38,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-buscarron
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-buscarron 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-buscarron 2>/dev/null || true'
 
 Restart=always

roles/custom/matrix-bot-buscarron/templates/systemd/matrix-bot-buscarron.service.j2.license

@@ -0,0 +1,4 @@
+SPDX-FileCopyrightText: 2022 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2022 Nikita Chernyi
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-chatgpt/defaults/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2023 Joe Kappus
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Nikita Chernyi
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # chatgpt is a bot for chatting to openAI chatgpt Matrix bot
 # Project source code URL: https://github.com/matrixgpt/matrix-chatgpt-bot
@@ -11,11 +20,12 @@ matrix_bot_chatgpt_container_image_self_build: false
 matrix_bot_chatgpt_container_image_self_build_repo: "https://github.com/matrixgpt/matrix-chatgpt-bot"
 matrix_bot_chatgpt_container_image_self_build_repo_version: "{{ 'main' if matrix_bot_chatgpt_version == 'latest' else matrix_bot_chatgpt_version }}"
 
-matrix_bot_chatgpt_container_image: "{{ matrix_bot_chatgpt_container_image_name_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_container_image_tag }}"
-matrix_bot_chatgpt_container_image_name_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else matrix_bot_chatgpt_container_image_registry_prefix }}"
+matrix_bot_chatgpt_container_image: "{{ matrix_bot_chatgpt_container_image_registry_prefix }}matrixgpt/matrix-chatgpt-bot:{{ matrix_bot_chatgpt_container_image_tag }}"
+matrix_bot_chatgpt_container_image_registry_prefix: "{{ 'localhost/' if matrix_bot_chatgpt_container_image_self_build else matrix_bot_chatgpt_container_image_registry_prefix_upstream }}"
+matrix_bot_chatgpt_container_image_registry_prefix_upstream: "{{ matrix_bot_chatgpt_container_image_registry_prefix_upstream_default }}"
+matrix_bot_chatgpt_container_image_registry_prefix_upstream_default: "ghcr.io/"
 matrix_bot_chatgpt_container_image_tag: "{{ matrix_bot_chatgpt_version }}"
 matrix_bot_chatgpt_container_image_force_pull: "{{ matrix_bot_chatgpt_container_image.endswith(':latest') }}"
-matrix_bot_chatgpt_container_image_registry_prefix: ghcr.io/
 
 matrix_bot_chatgpt_base_path: "{{ matrix_base_data_path }}/chatgpt"
 matrix_bot_chatgpt_config_path: "{{ matrix_bot_chatgpt_base_path }}/config"

roles/custom/matrix-bot-chatgpt/tasks/install.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 David Mehren
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure chatgpt paths exist

roles/custom/matrix-bot-chatgpt/tasks/main.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 -

roles/custom/matrix-bot-chatgpt/tasks/uninstall.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-chatgpt service

roles/custom/matrix-bot-chatgpt/tasks/validate_config.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2025 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Fail if required Chatgpt settings not defined
@@ -26,7 +32,7 @@
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
-      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
   when: "item.old in vars"
   with_items:
     - {'old': 'matrix_bot_chatgpt_docker_image', 'new': 'matrix_bot_chatgpt_container_image'}
@@ -35,3 +41,4 @@
     - {'old': 'matrix_bot_chatgpt_docker_repo', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo'}
     - {'old': 'matrix_bot_chatgpt_docker_repo_version', 'new': 'matrix_bot_chatgpt_container_image_self_build_repo_version'}
     - {'old': 'matrix_bot_chatgpt_docker_src_files_path', 'new': 'matrix_bot_chatgpt_container_src_path'}
+    - {'old': 'matrix_bot_chatgpt_container_image_name_prefix', 'new': 'matrix_bot_chatgpt_container_image_registry_prefix'}

roles/custom/matrix-bot-chatgpt/templates/env.j2

@@ -1,3 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 Joe Kappus
+SPDX-FileCopyrightText: 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 MATRIX_HOMESERVER_URL={{ matrix_bot_chatgpt_matrix_homeserver_url }}
 MATRIX_ACCESS_TOKEN={{ matrix_bot_chatgpt_matrix_access_token }}
 

roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -39,7 +39,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-chatgpt
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ matrix_bot_chatgpt_container_stop_grace_time_seconds }} matrix-bot-chatgpt 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-chatgpt 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-chatgpt/templates/systemd/matrix-bot-chatgpt.service.j2.license

@@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2023 MDAD project contributors
+SPDX-FileCopyrightText: 2023 Vladimir Panteleev
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-draupnir/defaults/main.yml

@@ -1,3 +1,10 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 # A moderation tool for Matrix
 # Project source code URL: https://github.com/the-draupnir-project/Draupnir
@@ -5,13 +12,15 @@
 matrix_bot_draupnir_enabled: true
 
 # renovate: datasource=docker depName=gnuxie/draupnir
-matrix_bot_draupnir_version: "v2.0.1"
+matrix_bot_draupnir_version: "v2.2.0"
 
 matrix_bot_draupnir_container_image_self_build: false
 matrix_bot_draupnir_container_image_self_build_repo: "https://github.com/the-draupnir-project/Draupnir.git"
 
-matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_name_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
-matrix_bot_draupnir_docker_image_name_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_container_global_registry_prefix }}"
+matrix_bot_draupnir_docker_image: "{{ matrix_bot_draupnir_docker_image_registry_prefix }}gnuxie/draupnir:{{ matrix_bot_draupnir_version }}"
+matrix_bot_draupnir_docker_image_registry_prefix: "{{ 'localhost/' if matrix_bot_draupnir_container_image_self_build else matrix_bot_draupnir_docker_image_registry_prefix_upstream }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream: "{{ matrix_bot_draupnir_docker_image_registry_prefix_upstream_default }}"
+matrix_bot_draupnir_docker_image_registry_prefix_upstream_default: "docker.io/"
 matrix_bot_draupnir_docker_image_force_pull: "{{ matrix_bot_draupnir_docker_image.endswith(':latest') }}"
 
 matrix_bot_draupnir_base_path: "{{ matrix_base_data_path }}/draupnir"
@@ -19,9 +28,9 @@ matrix_bot_draupnir_config_path: "{{ matrix_bot_draupnir_base_path }}/config"
 matrix_bot_draupnir_data_path: "{{ matrix_bot_draupnir_base_path }}/data"
 matrix_bot_draupnir_docker_src_files_path: "{{ matrix_bot_draupnir_base_path }}/docker-src"
 
-matrix_bot_draupnir_abuse_reporting_enabled: false
-matrix_bot_draupnir_web_enabled: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
-matrix_bot_draupnir_display_reports: "{{ matrix_bot_draupnir_abuse_reporting_enabled }}"
+matrix_bot_draupnir_config_web_abuseReporting: false  # noqa var-naming
+matrix_bot_draupnir_config_web_enabled: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
+matrix_bot_draupnir_config_displayReports: "{{ matrix_bot_draupnir_config_web_abuseReporting }}"  # noqa var-naming
 
 matrix_bot_draupnir_container_network: ""
 
@@ -48,67 +57,77 @@ matrix_bot_draupnir_systemd_wanted_services_list: []
 
 # Whether Draupnir should talk to the homeserver through Pantalaimon
 # If true, then other variables must be provided including pointing
-# `matrix_bot_draupnir_homeserver_url` to the Pantalaimon URL.
-# Enabling this option is discouraged, because Draupnir does not support
-# running with Pantalaimon as it would break all workflows that involve answering
-# prompts with reactions. (Hint: a lot of workflows rely on them.)
+# `matrix_bot_draupnir_config_homeserverUrl` to the Pantalaimon URL.
+#
+# The upstream project discourages enabling this option, because it is
+# known that running Draupnir along with Pantalaimon breaks all workflows that involve
+# answering prompts with reactions. (Hint: a lot of workflows rely on them.)
 matrix_bot_draupnir_pantalaimon_use: false
 
 # If you choose to accept the risks of using Pantalaimon in your installation
-# against the upstream advice, you can enable this to disable the warning about it.
+# against the upstream advice, you can enable this to disable the warning about using it.
 matrix_bot_draupnir_pantalaimon_breakage_ignore: false
 
 # Tells the bot if it should use its native E2EE support in the form of experimental Rust Crypto in the bot SDK.
 # This option is mutually exclusive with `matrix_bot_draupnir_pantalaimon_use`.
 # Rust Crypto requires a clean access token that has not touched E2EE so curl is recommended as a method to obtain it.
-matrix_bot_draupnir_enable_experimental_rust_crypto: false
+matrix_bot_draupnir_config_experimentalRustCrypto: false  # noqa var-naming
 
-# The access token for the bot user. Required when NOT using Pantalaimon.
+# The access token for the bot user. Required if Pantalaimon is NOT used.
 # (Otherwise provide `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password` instead.)
-matrix_bot_draupnir_access_token: ""
+matrix_bot_draupnir_config_accessToken: ""  # noqa var-naming
 
-# User name and password for the bot. Required when using Pantalaimon.
-# (Otherwise provide `matrix_bot_draupnir_access_token` instead.)
+# Username and password for the bot. Required if Pantalaimon is used.
+# (Otherwise provide `matrix_bot_draupnir_config_accessToken` instead.)
 matrix_bot_draupnir_pantalaimon_username: ""
 matrix_bot_draupnir_pantalaimon_password: ""
 
-# Username and password the bot uses for logging in directly. If using Pantalimon
+# Username and password the bot uses for logging in directly. If Pantalaimon is used,
 # these values become the values of `matrix_bot_draupnir_pantalaimon_username` and `matrix_bot_draupnir_pantalaimon_password`
+# These config options do not follow the common naming schema as to not cause user confusion over them being called Pantalaimon when using native login.
 matrix_bot_draupnir_login: "{{ matrix_bot_draupnir_pantalaimon_username if matrix_bot_draupnir_pantalaimon_use == 'true' else 'bot.draupnir' }}"
 matrix_bot_draupnir_password: "{{ matrix_bot_draupnir_pantalaimon_password }}"
 
-# Controls if we activate the pantalaimon config block for now. This configuration block is proable to change name for our usecase
-# due to a Draupnir push to scrub Pantalaimon from the codebase.
+# Controls if we activate the config block for Pantalaimon for now. Its name will
+# probably be changed for our usecase due to Draupnir's push to scrub Pantalaimon from the codebase.
+# This configuration option does not follow the common naming schema as its not controlling a config key directly.
 matrix_bot_draupnir_login_native: ""
 
 # The room ID where people can use the bot. The bot has no access controls, so
 # anyone in this room can use the bot - secure your room!
 # This should be a room alias or room ID - not a matrix.to URL.
 # Note: Draupnir is fairly verbose - expect a lot of messages from it.
-matrix_bot_draupnir_management_room: ""
+matrix_bot_draupnir_config_managementRoom: ""  # noqa var-naming
 
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API).
-# Set this to the pantalaimon URL if you're using that.
-matrix_bot_draupnir_homeserver_url: ""
+# Set this to the Pantalaimon URL if you're using that.
+matrix_bot_draupnir_config_homeserverUrl: ""  # noqa var-naming
 
-# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
-# only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-matrix_bot_draupnir_raw_homeserver_url: ""
+# Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/).
+# Only set this to the public-internet homeserver client API URL. Do NOT set this to the Pantalaimon URL.
+matrix_bot_draupnir_config_rawHomeserverUrl: ""  # noqa var-naming
 
-# Disable Server ACL is used if you want to not give the bot the right to apply Server ACLs in rooms without complaints from the bot.
-# This setting is described the following way in the Configuration.
+# Disable Server ACL is used if you do not want to give the bot the right to apply Server ACLs in rooms without complaints from the bot.
+# This setting is described the following way in the configuration.
 #
 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
+# It is recommended to consult with people from the upstream project beforehand.
 #
-# Please follow the advice of upstream and only change this value if you know what your doing.
-# Its Exposed here because its common enough to be valid to expose.
-matrix_bot_draupnir_disable_server_acl: "false"
+# It is exposed here because it is common enough to be valid to expose.
+matrix_bot_draupnir_config_disableServerACL: false  # noqa var-naming
+
+# Control if Draupnir wants for the Synapse Admin API to be exposed internally to containers, therefore giving Draupnir Access.
+matrix_bot_draupnir_admin_api_enabled: "{{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand }}"
+
+# Controls if the Draupnir room hijack command is activated or not.
+# Also see `matrix_bot_draupnir_admin_api_enabled`.
+matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand: false  # noqa var-naming
 
 # Controls if the room state backing store is activated.
 # Room state backing store makes restarts of the bot lightning fast as the bot does not suffer from amnesia.
 # This config option has diminished improvements for bots on extremely fast homeservers or very very small bots on fast homeservers.
-matrix_bot_draupnir_enable_room_state_backing_store: "true"
+matrix_bot_draupnir_config_roomStateBackingStore_enabled: true  # noqa var-naming
 
 # Default configuration template which covers the generic use case.
 # You can customize it by controlling the various variables inside it.

roles/custom/matrix-bot-draupnir/tasks/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2023 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags:

roles/custom/matrix-bot-draupnir/tasks/setup_install.yml

@@ -1,3 +1,11 @@
+# SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 David Mehren
+# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - ansible.builtin.set_fact:

roles/custom/matrix-bot-draupnir/tasks/setup_uninstall.yml

@@ -1,3 +1,8 @@
+# SPDX-FileCopyrightText: 2023 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 Catalan Lover <catalanlover@protonmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Check existence of matrix-bot-draupnir service

roles/custom/matrix-bot-draupnir/tasks/validate_config.yml

@@ -1,28 +1,66 @@
+# SPDX-FileCopyrightText: 2023 - 2025 MDAD project contributors
+# SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
+# SPDX-FileCopyrightText: 2024 - 2025 Slavi Pantaleev
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
+- name: (Deprecation) Catch and report renamed Draupnir settings
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please rename the variable (`{{ item.old }}` -> `{{ item.new }}`) on your configuration file (vars.yml).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'matrix_bot_draupnir_container_image_name_prefix', 'new': 'matrix_bot_draupnir_container_image_registry_prefix'}
+    - {'old': 'matrix_bot_draupnir_enable_room_state_backing_store', 'new': 'matrix_bot_draupnir_config_roomStateBackingStore_enabled'}
+    - {'old': 'matrix_bot_draupnir_disable_server_acl', 'new': 'matrix_bot_draupnir_config_disableServerACL'}
+    - {'old': 'matrix_bot_draupnir_enable_experimental_rust_crypto', 'new': 'matrix_bot_draupnir_config_experimentalRustCrypto'}
+    - {'old': 'matrix_bot_draupnir_access_token', 'new': 'matrix_bot_draupnir_config_accessToken'}
+    - {'old': 'matrix_bot_draupnir_management_room', 'new': 'matrix_bot_draupnir_config_managementRoom'}
+    - {'old': 'matrix_bot_draupnir_homeserver_url', 'new': 'matrix_bot_draupnir_config_homeserverUrl'}
+    - {'old': 'matrix_bot_draupnir_raw_homeserver_url', 'new': 'matrix_bot_draupnir_config_rawHomeserverUrl'}
+    - {'old': 'matrix_bot_draupnir_web_enabled', 'new': 'matrix_bot_draupnir_config_web_enabled'}
+    - {'old': 'matrix_bot_draupnir_abuse_reporting_enabled', 'new': 'matrix_bot_draupnir_config_web_abuseReporting'}
+    - {'old': 'matrix_bot_draupnir_display_reports', 'new': 'matrix_bot_draupnir_config_displayReports'}
+
 - name: Fail if required matrix-bot-draupnir variables are undefined
   ansible.builtin.fail:
     msg: "The `{{ item.name }}` variable must be defined and have a non-null value."
   with_items:
-    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
-    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
-    - {'name': 'matrix_bot_draupnir_management_room', when: true}
+    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ not matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_config_experimentalRustCrypto }}"}
+    - {'name': 'matrix_bot_draupnir_config_managementRoom', when: true}
     - {'name': 'matrix_bot_draupnir_container_network', when: true}
-    - {'name': 'matrix_bot_draupnir_homeserver_url', when: true}
-    - {'name': 'matrix_bot_draupnir_raw_homeserver_url', when: true}
+    - {'name': 'matrix_bot_draupnir_config_homeserverUrl', when: true}
+    - {'name': 'matrix_bot_draupnir_config_rawHomeserverUrl', when: true}
     - {'name': 'matrix_bot_draupnir_pantalaimon_username', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
     - {'name': 'matrix_bot_draupnir_pantalaimon_password', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
   when: "item.when | bool and (vars[item.name] == '' or vars[item.name] is none)"
 
+- name: Fail if Draupnir room hijacking enabled without enabling the Synapse Admin API
+  ansible.builtin.fail:
+    msg: "When matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand is enabled, matrix_bot_draupnir_admin_api_enabled must also be enabled"
+  when: "matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | bool and not matrix_bot_draupnir_admin_api_enabled | bool"
+
 - name: Fail if inappropriate variables are defined
   ansible.builtin.fail:
     msg: "The `{{ item.name }}` variable must be undefined or have a null value."
   with_items:
-    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
-    - {'name': 'matrix_bot_draupnir_access_token', when: "{{ matrix_bot_draupnir_login_native }}"}
-    - {'name': 'matrix_bot_draupnir_pantalaimon_use', when: "{{  matrix_bot_draupnir_enable_experimental_rust_crypto }}"}
+    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_pantalaimon_use }}"}
+    - {'name': 'matrix_bot_draupnir_config_accessToken', when: "{{ matrix_bot_draupnir_login_native }}"}
   when: "item.when | bool and not (vars[item.name] == '' or vars[item.name] is none)"
 
+- name: Fail when matrix_bot_draupnir_config_experimentalRustCrypto is enabled together with matrix_bot_draupnir_pantalaimon_use
+  ansible.builtin.fail:
+    msg: >-
+      Your configuration is trying to enable matrix_bot_draupnir_config_experimentalRustCrypto and matrix_bot_draupnir_pantalaimon_use at the same time.
+      These settings are mutually incompatible and therefore cant be used at the same time.
+  when:
+    - matrix_bot_draupnir_pantalaimon_use
+    - matrix_bot_draupnir_config_experimentalRustCrypto
+
 - when: "matrix_bot_draupnir_pantalaimon_use == 'true' and matrix_bot_draupnir_pantalaimon_breakage_ignore == 'false'"
   block:
     - name: Inject warning if Pantalaimon is used together with Draupnir
@@ -32,6 +70,6 @@
             devture_playbook_runtime_messages_list | default([])
             +
             [
-              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_enable_experimental_rust_crypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
+              "Note: Draupnir does not support running with Pantalaimon as it would break all workflows that involve answering prompts with reactions. To enable E2EE for Draupnir, it is recommended to use matrix_bot_draupnir_config_experimentalRustCrypto instead. This warning can be disabled by setting matrix_bot_draupnir_pantalaimon_breakage_ignore to true."
             ]
           }}

roles/custom/matrix-bot-draupnir/templates/labels.j2

@@ -1,3 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 {% if matrix_bot_draupnir_container_labels_traefik_enabled %}
 traefik.enable=true
 

roles/custom/matrix-bot-draupnir/templates/production.yaml.j2

@@ -1,14 +1,23 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 MDAD project contributors
+SPDX-FileCopyrightText: 2023 - 2025 Catalan Lover <catalanlover@protonmail.com>
+SPDX-FileCopyrightText: 2024 Slavi Pantaleev
+SPDX-FileCopyrightText: 2024 Suguru Hirahara
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
 # Endpoint URL that Draupnir uses to interact with the Matrix homeserver (client-server API),
-homeserverUrl: {{ matrix_bot_draupnir_homeserver_url | to_json }}
+homeserverUrl: {{ matrix_bot_draupnir_config_homeserverUrl | to_json }}
 
 # Endpoint URL that Draupnir could use to fetch events related to reports (client-server API and /_synapse/),
 # only set this to the public-internet homeserver client API URL, do NOT set this to the pantalaimon URL.
-rawHomeserverUrl: {{ matrix_bot_draupnir_raw_homeserver_url | to_json }}
+rawHomeserverUrl: {{ matrix_bot_draupnir_config_rawHomeserverUrl | to_json }}
 
 # Matrix Access Token to use, Draupnir will only use this if pantalaimon.use is false.
 # This option can be loaded from a file by passing "--access-token-path <path>" at the command line,
 # which would allow using secret management systems such as systemd's service credentials.
-accessToken: {{ matrix_bot_draupnir_access_token | to_json }}
+accessToken: {{ matrix_bot_draupnir_config_accessToken | to_json }}
 
 {% if matrix_bot_draupnir_pantalaimon_use or matrix_bot_draupnir_login_native %}
 # Options related to Pantalaimon (https://github.com/matrix-org/pantalaimon)
@@ -34,7 +43,7 @@ pantalaimon:
 # Make sure Pantalaimon is disabled in Draupnir's configuration.
 #
 # Warning: At this time this is not considered production safe.
-experimentalRustCrypto: {{ matrix_bot_draupnir_enable_experimental_rust_crypto | to_json }}
+experimentalRustCrypto: {{ matrix_bot_draupnir_config_experimentalRustCrypto | to_json }}
 
 # The path Draupnir will store its state/data in, leave default ("/data/storage") when using containers.
 dataPath: "/data"
@@ -57,7 +66,7 @@ recordIgnoredInvites: false
 #
 # Note: By default, Draupnir is fairly verbose - expect a lot of messages in this room.
 # (see verboseLogging to adjust this a bit.)
-managementRoom: {{ matrix_bot_draupnir_management_room | to_json }}
+managementRoom: {{ matrix_bot_draupnir_config_managementRoom | to_json }}
 
 # Deprecated and will be removed in a future version.
 # Running with verboseLogging is unsupported.
@@ -85,7 +94,7 @@ noop: false
 
 # Whether or not Draupnir should apply `m.room.server_acl` events.
 # DO NOT change this to `true` unless you are very confident that you know what you are doing.
-disableServerACL: {{ matrix_bot_draupnir_disable_server_acl | to_json }}
+disableServerACL: {{ matrix_bot_draupnir_config_disableServerACL | to_json }}
 
 # A case-insensitive list of ban reasons to have the bot also automatically redact the user's messages for.
 #
@@ -122,18 +131,15 @@ protectAllJoinedRooms: false
 # of the homeserver may be more impacted.
 backgroundDelayMS: 500
 
-# FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
-# be accessed from containers. See https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3389
-# and https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3308
 # Server administration commands, these commands will only work if Draupnir is
 # a global server administrator, and the bot's server is a Synapse instance.
-#admin:
-#  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
-#  # (with enough permissions) to "make" a user an admin.
-#  #
-#  # This only works if a local user with enough admin permissions is present in the room.
-#  enableMakeRoomAdminCommand: false
-#
+admin:
+  # Whether or not Draupnir can temporarily take control of any eligible account from the local homeserver who's in the room
+  # (with enough permissions) to "make" a user an admin.
+  #
+  # This only works if a local user with enough admin permissions is present in the room.
+  enableMakeRoomAdminCommand: {{ matrix_bot_draupnir_config_admin_enableMakeRoomAdminCommand | to_json }}
+
 # Misc options for command handling and commands
 commands:
   # Whether or not the `!draupnir` prefix is necessary to submit commands.
@@ -191,7 +197,7 @@ commands:
 # homeserver and know that Draupnir is starting up quickly. If your homeserver can
 # respond quickly to Draupnir's requests for `/state` then you might not need this option.
 roomStateBackingStore:
-  enabled: {{ matrix_bot_draupnir_enable_room_state_backing_store | to_json }}
+  enabled: {{ matrix_bot_draupnir_config_roomStateBackingStore_enabled | to_json }}
 
 # Safe mode provides recovery options for some failure modes when Draupnir
 # fails to start. For example, if the bot fails to resolve a room alias in
@@ -253,7 +259,7 @@ health:
     # and 1.0 means "trace performance at every opportunity".
     # tracesSampleRate: 0.5
 
-{% if matrix_bot_draupnir_web_enabled %}
+{% if matrix_bot_draupnir_config_web_enabled %}
 # Options for exposing web APIs.
 web:
   # Whether to enable web APIs.
@@ -279,7 +285,7 @@ web:
   # to configure a reverse proxy, see e.g. test/nginx.conf
   abuseReporting:
     # Whether to enable this feature.
-    enabled: {{ matrix_bot_draupnir_abuse_reporting_enabled | to_json }}
+    enabled: {{ matrix_bot_draupnir_config_web_abuseReporting | to_json }}
 {% endif %}
 
 # FIXME: This configuration option is currently broken in the playbook as admin APIs cannot
@@ -292,4 +298,4 @@ web:
 
 # Whether or not new reports, received either by webapi or polling,
 # should be printed to our managementRoom.
-displayReports: {{ matrix_bot_draupnir_display_reports | to_json }}
+displayReports: {{ matrix_bot_draupnir_config_displayReports | to_json }}

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2

@@ -13,7 +13,7 @@ DefaultDependencies=no
 [Service]
 Type=simple
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
+ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 
 ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
@@ -42,7 +42,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network conne
 
 ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-draupnir
 
-ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
+ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop -t {{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-draupnir 2>/dev/null || true'
 ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-draupnir 2>/dev/null || true'
 Restart=always
 RestartSec=30

roles/custom/matrix-bot-draupnir/templates/systemd/matrix-bot-draupnir.service.j2.license

@@ -0,0 +1,5 @@
+SPDX-FileCopyrightText: 2023 - 2025 Slavi Pantaleev
+SPDX-FileCopyrightText: 2023 - 2024 Catalan Lover <catalanlover@protonmail.com>
+SPDX-FileCopyrightText: 2024 MDAD project contributors
+
+SPDX-License-Identifier: AGPL-3.0-or-later

roles/custom/matrix-bot-go-neb/defaults/main.yml

@@ -1,3 +1,12 @@
+# SPDX-FileCopyrightText: 2021 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2023 Samuel Meenzen
+# SPDX-FileCopyrightText: 2024 Suguru Hirahara
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
@@ -28,7 +37,9 @@ matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
 matrix_bot_go_neb_container_image: "{{ matrix_bot_go_neb_container_image_registry_prefix }}matrixdotorg/go-neb:{{ matrix_bot_go_neb_container_image_tag }}"
 matrix_bot_go_neb_container_image_tag: "{{ matrix_bot_go_neb_version }}"
 matrix_bot_go_neb_container_image_force_pull: "{{ matrix_bot_go_neb_container_image.endswith(':latest') }}"
-matrix_bot_go_neb_container_image_registry_prefix: docker.io/
+matrix_bot_go_neb_container_image_registry_prefix: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream }}"
+matrix_bot_go_neb_container_image_registry_prefix_upstream: "{{ matrix_bot_go_neb_container_image_registry_prefix_upstream_default }}"
+matrix_bot_go_neb_container_image_registry_prefix_upstream_default: "docker.io/"
 
 # The base container network. It will be auto-created by this role if it doesn't exist already.
 matrix_bot_go_neb_container_network: matrix-bot-go-neb

roles/custom/matrix-bot-go-neb/tasks/install.yml

@@ -1,3 +1,13 @@
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2022 - 2024 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Jim Myhrberg
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+# SPDX-FileCopyrightText: 2022 Nikita Chernyi
+# SPDX-FileCopyrightText: 2022 Sebastian Gumprich
+# SPDX-FileCopyrightText: 2024 David Mehren
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - name: Ensure go-neb paths exist

roles/custom/matrix-bot-go-neb/tasks/main.yml

@@ -1,3 +1,9 @@
+# SPDX-FileCopyrightText: 2021 Yannick Goossens
+# SPDX-FileCopyrightText: 2022 - 2023 Slavi Pantaleev
+# SPDX-FileCopyrightText: 2022 Marko Weltzer
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
 ---
 
 - tags: